
nmap - including extra ports in the scan

I wrote a script to audit the firewalls / services visible "outside" from all of my employer's networks. The networks host pretty different kinds of services, and include both "normal" and custom ports. My problem is that currently I'm running out of time while scanning approximately two /24 networks a day (so my timeframe is 12h per network).

The script breaks if the previous scan is still running when a new one starts...

The firewall configurations differ quite a lot from one hosting center to another; in several of them we don't manage it ourselves. Currently I'm having to use the "assume hosts are up" switch to ensure all machines are actually scanned.

We have quite a lot of services running on exotic ports, but also generic stuff. Now I could set the ports so that I'm only monitoring the ports I assume will be open, but I feel it's quite risky. All it takes is a few mistakes and I'll have something open to the internet that I don't detect. So what I would really want is to have all the default ports monitored, and add to this a few custom ranges.

From what I've understood the only way to do this would be to edit the nmap-services file by hand and add the services (and custom frequency??) there? It seems quite cumbersome and prone to error, plus it would make updating nmap a nightmare.

Is there any elegant solution to this? Somehow you would think it would be possible to add something like a -p +25000-25050 switch to have this range added to what will be scanned by default...

I asked this exact same thing about a month ago. If there is any way to just add ports to the default list on the fly.

Like nmap -p+4444,4445 x.x.x.x ... The short answer is no, currently there is not. I did speak to one of the devs and they said to throw an e-mail to nmap and they could probably put out a patch in a few days, but I never got around to it as I only needed it for a few scans.

Your best bet is to do a default scan, then do another scan with your custom ports and combine the output either by hand or with a custom script, depending on what you want.

Alternatively you could do something like this: grab all the default ports that nmap normally uses and write it all out into a batch file, then just use that script to add in your ports like so
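One way to build such a combined port list, as an added example that is not part of the original posts: nmap's default scan covers the 1000 most frequently open ports per protocol as ranked in nmap-services, so the sketch below picks the top N ports from that file's text and merges in custom ranges to produce a single `-p` value. The function names and the embedded sample data are assumptions made for illustration.

```python
# Constructed sample in nmap-services format (name, port/proto, frequency); values are illustrative.
SAMPLE_SERVICES = """\
ftp\t21/tcp\t0.197667\t# File Transfer
ssh\t22/tcp\t0.182286
telnet\t23/tcp\t0.221265
domain\t53/udp\t0.213496
http\t80/tcp\t0.484143
https\t443/tcp\t0.208669
"""

def top_ports(services_text, n, proto="tcp"):
    """Return the n ports with the highest open-frequency for one protocol."""
    rows = []
    for line in services_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 3:
            continue                             # blank, comment or malformed line
        port, _, line_proto = fields[1].partition("/")
        if line_proto == proto and port.isdigit():
            rows.append((float(fields[2]), int(port)))
    rows.sort(key=lambda r: (-r[0], r[1]))       # most frequent first, port number breaks ties
    return {port for _, port in rows[:n]}

def parse_ranges(spec):
    """Expand a string such as '25000-25050,4444' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def to_spec(ports):
    """Collapse a set of ports into the compact list/range form that -p accepts."""
    out, run = [], []
    for p in sorted(ports) + [None]:             # None flushes the final run
        if run and p == run[-1] + 1:
            run.append(p)
            continue
        if run:
            out.append(str(run[0]) if len(run) == 1 else f"{run[0]}-{run[-1]}")
        run = [p]
    return ",".join(out)

def build_port_arg(services_text, n, extra):
    return to_spec(top_ports(services_text, n) | parse_ranges(extra))
```

Reading the real nmap-services file shipped with the installed nmap and calling `build_port_arg(text, 1000, "25000-25050")` yields one value for `-p`, so the default coverage and the custom ranges run as a single scan and the list follows the file when nmap is updated.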

I was considering splitting it into two scans, but I don't think there would be an easy way to combine the results. I also would not want to be running 4 scans a day if I can just manage with two. I'm currently exporting to xml and using ndiff on the results, then mailing the output to myself.